WebApp Sec mailing list archives
Detecting SoftICE ?
From: Bruce Klein <bruce.klein () iovation com>
Date: 10 May 2005 00:11:12 -0000
Hello all,

I am writing a Win32 DLL and am currently trying to detect if SoftICE is present. I am trying the "classic" detection methods and for my version of SoftICE (4.3.2) under Windows XP, so far no method has succeeded at detecting it.

The methods I am trying are well described in Viega & Messier's "Secure Programming Cookbook" and all over the net. One is the "Meltice" technique that looks for a virtual device named "\.\\NTICE"; the other uses the "Boundschecker" method that uses int 3, with "BCHK" in a register. I am having no luck with either method. Perhaps because the methods are obsolete with the current version of SoftICE. Perhaps because I'm doing something stupid.

Given the above, I have two questions I'm hoping someone can answer:

- Does anyone know a method to detect today's SoftICE?
- Do the other methods even work (and for what versions)?

I'd be happy to post the small source or answer any further questions.

Thanks in advance.